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Purposes of phone forensics 



® Extracting complete and unaltered information from 
cell phones, smartphones, PDA etc. 

® Analyzing extracted information and finding 
evidences. 

® Preparing forensic reports that can be presented in 
a court. 

® Proving data authenticity. 
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Smartphones market growth 



Devices shipped, M 
Total growth Q4 2006/2007 is 71.9% 




Source: Canalys estimates , © canalys.com ltd, 2008 
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Cell phones evolution 
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Communication protocols evolution 
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Smartphones and standard protocols 



The striking discrepancy between data extracted by standard logical forensic tools and 
protocols and data which is stored in the devices and can be used for forensic 

investigations is quite obvious. 
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How to extract information? 

There are 3 ways to get forensic information from smartphones: logical analysis, 
physical analysis and using a special agent application working inside smartphone OS 
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Agent application usage 

We at Oxygen Software use an agent application approach. The Agent works inside a 
smartphone, has access to all device API's and implements custom communication 
protocol to extract almost all forensic information needed 
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Data authenticity and other concerns 

Does putting agent into smartphone change its information? 

No. Smartphones have different memory areas for data and applications. 

Are there another way to extract full information from smartphones? 

Yes, with restrictions - physical analysis. 

What information can be extracted by agent application? 

All the information available for native OS applications. 

What information cannot be extracted by agent application? 

Memory dumps and protected system files - usually this information scarcely useful for 
forensic analysis. 

What are the main advantages of using agent application approach? 

Extracting complete information and presenting it in a structured and easy to analyze way. 
All this - using standard cables/adapters and with affordable price. 

Is agent application able to read deleted information? 

If this information is stored by operating system - yes. For example, Oxygen Forensic Suite 
reads information about SMS messages recently deleted from phone memory. 
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Interested in more details? 
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